ELA-316-1 zsh security update
Package zsh
ELA-316-1 zsh security update
Version 5.0.7-5+deb8u3
Related CVEs CVE-2016-10714 CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-1100 CVE-2018-13259
Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory path. If the receiving user is privileged or traverses the aforementioned path, this leads to privilege escalation.
For Debian 8 jessie, these problems have been fixed in version 5.0.7-5+deb8u3.
We recommend that you upgrade your zsh packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A zsh security update has been released for Debian GNU/Linux 8 Extended LTS to address several security vulnerabilities.